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ABSTRACT 



A method of transmitting a message as packets over a 
network includes at least one from the group consisting of: 
forming packets with random sizes, transm itting the packets 
in random order, tr a^mittin gjbe^ackejs^nrougn dikerent 
TWffe ; s» l 'in , LlllH T i , e , lwoft, and transTnTSn^ummy^M 
ffitejpa^^ 

puter-reacfable medium having instructions for causing a 
computer to perform at least one from the group described. 
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METHOD AND APPARATUS FOR TRANSMITTING 
MESSAGES 

BACKGROUND OF THE INVENTION 
[0001] 1. Field of ihe Invention 

[0002] This invenlion relates in general to transmission of 
messages, and more particularly to a method and apparatus 
for transmitting messages as packets over a network. 

[0003] 2. Description of Related Art 

[0004] During the last decade, the amount of information 
that is transmitted in various networks has multiplied a great 
number of times. With the increased reliance on electroni- 
cally transmitted messages comes a greater vulnerability to 
intrusion or interception by adversaries or other unautho- 
rized persons. Today information is communicated over a 
multitude of different networks, many of which are con- 
nected to each other. The most well known and most 
frequently used network is, of course, the Internet. 

[0005] There are many different kinds of message trans- 
missions which the sending and receiving parties have an 
interest in securing from unauthorized access. Companies 
have a need to transmit secret information over their internal 
networks, and sometimes there is a need to provide 
enhanced security of the individual message although the 
network itself is not readily available to unauthorized per- 
sons. The globally increasing use of the Internet has partly 
been of a commercial nature which, of course, creates a 
variety of new security concerns. Individual consumers 
which shop over the Internet have a legitimate interest in 
being able to transmit, for example, a credit card number in 
reliance on satisfactory security measures being taken in the 
transmission. As is well known, unauthorized knowledge of 
a credit card number can easily be used for unauthorized 
purchases. Other kinds of transmitted information is also 
sensible and must be protected appropriately. Customer 
information or other confidential information to which an 
unauthorized person gains access can result in severe det- 
rimental effects for the parties involved. Aside from eco- 
nomic damages resulting from unauthorized access to infor- 
mation transmitted in messages over a network, the sender 
and recipient, of course, have a legitimate interest in that the 
contents of their messages remain confidential if they so 
prefer, regardless of whether the communication pertains to 
commercial enterprises or private matters. 

[0006] A frequently used method for increasing security of 
transmitted messages is encryption. Many different kinds of 
encryption exist, and the main idea of the method is to alter 
an original message in a way that only the sender and 
recipient can reverse to gain access to the original message. 
Federal export regulations control the export of encryption 
methods and devices which are capable of encrypting above 
a certain strength level. In order to export strong encryption 
software and devices, export licenses have to be obtained. 

[0007] However, relying solely on encryption as a means 
for protecting information during message transmission may 
not always be sufficient. An adversary who intends to 
intercept or otherwise interfere with the transmission of 
secure messages will typically be familiar with even the 
most sophisticated encryption methods that are publicly 
known. If an unauthorized person gains access to an 
encrypted message, there is always a risk that the person will 



attempt to identify the encryption key, for example, by using 
a computer to try a great number of different encryption keys 
on the encrypted message. Typically, the larger the 
encrypted message, the greater is the chance that an adver- 
sary may identify the encryption key. Another aspect is that 
the encryption in itself tends to draw unwanted attention 
from adversaries who may be interested in gaining access to 
secret information. 

[0008] It can be seen that there is a need for methods and 
apparatus which allow messages to be transmitted in ways 
such that potential adversaries are given access to a rela- 
tively small amount of information. There is a need for 
methods and apparatus for transmitting a message as packets 
over a network, where one or more security steps may be 
taken to make the message less susceptible to unauthorized 
access. 

SUMMARY OF THE INVENTION 

[0009] To overcome the limitations in the prior art 
described above, and to overcome other limitations that will 
become apparent upon reading and understanding the 
present specification, the present invention discloses meth- 
ods and apparatus for transmitting a message as packets over 
a network. 

[0010] The present invention solves the above-described 
problems by providing a method of transmitting a message 
as packets including at least one from the group consisting 
of: forming packets with random sizes, transmitting the 
packets in random order, transmitting the packets through 
different routes in the network, and transmitting dummy data 
within the packets. 

[0011] An article of manufacture in accordance with the 
principles of the invention includes a computer-readable 
medium having instructions for causing a computer to 
perform the method of invention. 

[0012] These and various other advantages and features of 
novelty which characterize the invention are pointed out 
with particularity in the claims annexed hereto and form a 
part hereof. However, for a better understanding of the 
invention, its advantages, and the objects obtained by its use, 
reference should be made to the drawings which form a 
further part hereof, and to accompanying descriptive matter, 
in which there are illustrated and described specific 
examples of an apparatus in accordance with the invention. 

BRIEF DESCRIPTION OF THE DRAWINGS 

[0013] Referring now to the drawings in which like ref- 
erence numbers represent corresponding parts throughout: 

[0014] FIG. 1 is a block diagram illustrating an exemplary 
hardware environment of the present invention; 

[0015] FIG. 2 is a diagram schematically illustrating a 
standard message format; 

[0016] FIG. 3 schematically illustrates a message divided 
into packets with random length; 

[0017] FIG. 4 schematically illustrates a message divided 
into packets each containing a hidden ordering key; 

[0018] FIG. 5 schematically illustrates the transmission of 
two packets through different routes in a network; and 
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[0019] FIG. 6 schematically illustrates a message with 
dummy data placed in the message, the message being 
divided into packets. 

DETAILED DESCRIPTION OF THE 
INVENTION 

[0020] In the following description of the exemplary 
embodiment, reference is made to the accompanying draw- 
ings which form a part hereof, and in which is shown by way 
of illustration the specific embodiment in which the inven- 
tion may be practiced. It is to be understood that other 
embodiments may be utilized as structural changes may be 
made without departing from the scope of the present 
invention. 

[0021] The present invention provides a method of trans- 
mitting a message as packets over a network. The method 
may be performed, for example, by a computer which is 
capable of transmitting messages over the network. The 
computer may, for example, perform the method by reading 
instructions from a computer readable medium. Many dif- 
ferent kinds of computers, including varying hardware envi- 
ronments, can be used to perform the method of the inven- 
tion, for example, the hardware environment described 
below. 

[0022] FIG. 1 is a block diagram that illustrates an exem- 
plary hardware environment for the method according to the 
present invention. The present invention is typically imple- 
mented using a computer 110 comprised of a microproces- 
sor, random access memory (RAM), read-only memory 
(ROM), and other standard components. It is envisioned that 
attached to the computer 110 may be a monitor 112, floppy 
disk drives 114, CD-ROM drives 116. Also included in the 
preferred embodiment may be input devices, for example, a 
mouse pointing device 120 and a keyboard 122. As is 
well-known, the computer 110 may be provided with a 
modem or other communication device (not shown) for 
sending and receiving data from outside the computer 110. 
For example, the computer 110 may be provided with an 
internal modem capable of providing access between the 
computer 110 and at least one network, such as the Internet. 

[0023] The computer 110 operates under the control of an 
operating system 124, such as the Windows, OS/2, Macin- 
tosh, or UNIX operating systems, which is represented in 
FIG. 1 by the screen display on the monitor 112. The 
computer 110 executes one or more computer programs 126, 
which are represented in FIG. 1 by the "windows" displayed 
on the monitor 112, under the control of the operating 
system 124. The present invention comprises transmission 
of messages over a network, and a function for performing 
the method may, for example, be implemented in the oper- 
ating system 124 and/or computer programs 126. 

[0024] Generally, the operating system 124 and the com- 
puter programs 126 may be tangibly embodied in a com- 
puter-readable medium or carrier, e.g. one or more of the 
fixed and/or removable data storage devices 114 and 116, or 
other data storage or data communications devices. Both the 
operating system 124 and the computer programs 126 may 
be loaded from the data storage devices 114 and 116 into the 
random access memory of the computer 110 for execution 
by the microprocessor as discussed above with reference to 
FIG. 1. Both the operating system 124 and the computer 
programs 126 comprise instructions which, when read and 



executed by the microprocessor of the computer 110, causes 
the computer 110 to perform the steps necessary to execute 
the steps or elements of the present invention. 

[0025] Although an exemplary computer system configu- 
ration is illustrated in FIG. 1, those skilled in the art will 
recognize that any number of different configurations per- 
forming similar functions may be used in accordance with 
the present invention. 

[0026] The messages referred to in this description may be 
of many different kinds. Any type of information that can be 
transmitted over a network as packets may be referred to as 
a message. For example, information such as written mate- 
rials, voice recordings, music recordings, photographs, 
drawings, videograms, etc. are messages which may be 
transmitted as packets over a network. Typically, the infor- 
mation will be converted to digital form in order to facilitate 
the transmission. Many different well-known methods of 
converting information into digital form may be used with 
embodiments of the invention. 

[0027] In this description, messages are consequently 
referred to as being divided into "packets". It is noted that 
other terms may be used for the concept of dividing an 
information structure into units prior to transmission. For 
example, the term "cells" is sometimes used. The invention 
is intended to cover both these notions, and other notions as 
well. 

[0028] The messages transmitted in using embodiments of 
the invention may or may not be encrypted. As noted above, 
encryption includes altering the original message in a way 
that only the sender and the recipient can easily reverse. 
Many different well-known methods of encryption may be 
used with the embodiments of the invention. Some funda- 
mentals of encryption and an exemplary use will be given 
below. 

[0029] Generally speaking, encryption involves mapping 
a message into an encrypted message. Similarly, decrypting 
involves mapping the encrypted message back into the 
message. The message may be defined as an entity in a 
message space, and the encrypted message may similarly be 
defined as an entity in a crypto space. Any method of 
encrypting can then be defined as a function which maps 
entities from the message space into entities in the crypto 
space. Various encryption methods may perform the encryp- 
tion in many different ways. 

[0030] Even if two encryption methods perform the map- 
ping between the message space and the crypto space in 
similar ways, each method may utilize a unique key which 
individualizes the encryption function and prevents unau- 
thorized decryption of the encrypted message unless the 
specific key is known. Encryption keys are typically char- 
acterized by the number of bits of information they include. 
Generally, the greater number of bits the encryption key 
includes, the more difficult it is for an unauthorized person 
to determine the exact encryption key that was used in 
encrypting the message. 

[0031] In order for the receiver of the encrypted message 
to carry out the decryption, the receiver must have access to 
the encryption key which was used in encrypting the mes- 
sage. Various well-known methods of transmitting encryp- 
tion keys between sender and recipient may be used with 
embodiments of the invention. When using methods in 
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accordance with the principles of the invention, a user may 
choose to encrypt the message. 

[0032] Methods of the invention include transmitting the 
message as packets over a network. Many different well- 
known message formats may be used. Typically, the par- 
ticular network will permit messages of one or more formats 
to be transmitted. For example, messages may be transmit- 
ted over the Internet using the Internet Protocol (IP). 

[0033] An exemplary message format is schematically 
shown in FIG. 2. The message format 200 includes data 
portion 201, header portion 202 and trailer portion 203. It is 
noted that the proportions between the different portions of 
the message format 200 will vary between messages. For 
example, when large amounts of information are transmitted 
in the message, the header and trailer portions 202 and 203 
will be relatively small compared to the information portion 
201. The header and trailer portions 202 and 203 are 
sometimes collectively referred to as the "frame". 

[0034] The header portion 202 may include information 
that pertains to the message that is being transmitted and/or 
to the transmission of the message. For example, the header 
portion 202 may include a preamble, destination and source 
addresses, various delimiters, message length, etc. 

[0035] The trailer portion 203 may include various infor- 
mation pertaining to the message being transmitted and/or 
the transmission of the message. For example, the trailer 
portion 203 may include facilities for verifying the authen- 
ticity of the message and/or confirming the integrity of the 
information. As an example, the sender of the message may 
calculate a check sum for the contents of the message and 
store the check sum in the trailer portion 203, whereby a 
receiver of the message can recalculate the check sum to 
verify the integrity of the information in the message. 

[0036] It is noted that during transmission of the message, 
matter may be added to, or removed from, the header portion 
202 and/or the trailer portion 203. It is noted that the 
message format 200 is a conventional message format, and 
that the invention is intended to cover the use of both this 
format and other formats which may exist or which may be 
developed. 

[0037] An embodiment in accordance with the principles 
of the invention will now be described with reference to 
FIG. 3. In this exemplary embodiment, the message 300 has 
been divided into packets 301-305. In dividing the message 
300, the packets 301-305 were formed with random sizes. 
Prior to dividing the message 300 into the packets 301-305, 
the message 300 may have been encrypted using well known 
encryption methods. It is noted that the encryption may be 
carried out at a different stage in the transmission, for 
example, after the message 300 has been divided into the 
packets 301-305. It should be noted the message 300 could 
be divided into more or fewer packets than the five packets 
shown in FIG. 3. 

[0038] When the packets 301-305 are formed with random 
sizes, they may be formed from partly overlapping portions 
of the original message 300, such that the entire message 
300 is distributed between the data portions 311-315. For 
example, the data portion 311 of packet 301 may be formed 
from a portion at the beginning of the original message 300. 
In this example, the data portion 312 of packet 302 may then 



be formed starting with a bit somewhere inside the portion 
that forms the packet 301, such that the data portions 311 and 
312 partly overlap, 

[0039] In dividing the message 300 into packets 301-305 
with random sizes, and distributing the packets 301-305 
over a network to a receiver, it may be more difficult for 
unauthorized persons to gain access to the message 300. The 
randomized packet sizes are preferably kept short, to avoid 
giving an unauthorized person access to much information 
by intercepting a packet. It is noted that the division of the 
message into packets occurs at the bit level, and that byte 
boundaries are not preserved. 

[0040] Another embodiment in accordance with the prin- 
ciples of the invention will now be described with reference 
to FIG. 4. In this exemplary embodiment, the message 400 
has been divided into packets 401-405. The message 400 
was divided such that the packets 401-405 were formed with 
random sizes. The packets 401-405 include data portions 
407-411. It is noted that the message 400 may optionally be 
divided such that the sizes of the packets 401-405 are not 
randomized. The message 400 may be divided into more or 
fewer packets than the five packets shown in FIG. 4. 
Encryption may be used, for example such that the packets 
401-405 are encrypted, or such that the message 400 is 
encrypted prior to dividing it into the packets 401-405. A 
header section 406 is schematically shown at the beginning 
of each packet 401-405. 

[0041] In this example, the packets 401-405 will be trans- 
mitted in random order through the same route in the 
network. For example, if the packets 401-405 were formed 
such that the data portions 407-411 include consecutive 
portions of the message 400, the order of the packets 
401-405 will be randomized in transmission. As another 
example, if the packets 401-405 were formed such that the 
data portions 407-411 include portions of the message 400 
in random order, the packets 401-405 may be transmitted in 
any order. 

[0042] The recipient which receives the packets 401-405 
in random order, must be able to sort them in the correct 
sequence in order to be able to read the message 400. The 
recipient may determine the correct order of the packets 
401-405 in different ways. For example, ordering keys 
412-416 may be inserted in the packets 401-405. The 
receiver may use the ordering keys 412-416 to determine in 
which order to sequence the packets 401-405. The ordering 
keys may be "hidden" in each data portion 407-411, 
whereby it may be more difficult for an unauthorized person 
to use the ordering keys 412-416 to sequence the packets 
401-405 in correct order. Including hidden ordering keys 
412416 may, for example, include hiding the ordering key in 
the data portion of the packet using well-known methods 
such as steganography. As another example, the ordering 
keys 412-416 may be encrypted using well-known encryp- 
tion methods. 

[0043] Another embodiment in accordance with the prin- 
ciples of the invention will now be described with reference 
to FIG. 5. An exemplary network 500 is schematically 
illustrated as consisting of the network constituents 501-509. 
The network constituents 501-509 are connected to each 
other to enable, for example, messages to be transmitted 
between the network constituents 501-509. 
[0044] It is noted that connection lines are shown between 
adjacent network constituents; however, connections 
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between remote network constituents, such as between the 
network constituents 503 and 507, or between the constitu- 
ents 502 and 506, may also exist but have been omitted from 
FIG. 5 for clarity. It is also noted that the connections 
between the network constituents 501-509 may be of dif- 
ferent kinds. For example, wireless connections may be 
used. 

[0045] Each one of the network constituents 501-509 may 
be a device or a network which is capable of exchanging 
messages with the other network constituents in the network 
500. For example, one or more of the network constituents 
501-509 may be a computer or a network or the Internet. 
When one or more of the network constituents 501-509 is a 
network, a user may access that network using any well- 
known device, such as a computer. It is noted that the 
network 500 may include more or fewer network constitu- 
ents than the nine shown in FIG. 5. 

[0046] An exemplary transmission of messages will now 
be described. A sender has access to the network 500 at the 
network constituent 504. The access allows the sender to 
send messages over the network 500 for receipt by any of the 
network constituents. In transmitting a message over the 
network 500, the sender may specify a particular route 
through which the message will be sent. For example, the 
sender may choose to transmit a packet of the message via 
the network constituents 501, 502 and 505, for receipt by the 
network constituent 506, as schematically illustrated by the 
dashed arrow 510. As another example, the sender may 
transmit a packet of a message from the network constituent 
504 via the network constituents 505, 508 and 509, for 
receipt by the network constituent 506, as schematically 
illustrated by the dashed arrow 511. It is noted that many 
different routes through the network 500 may be chosen. It 
is possible that the message will be transmitted via the same 
network constituent more than once when following a route 
over the network 500. It is noted that the schematic illus- 
tration in FIG. 5 not necessarily represents a physical or 
geographical location of the network constituents 501-509. 

[0047] A sender may choose to transmit a message as 
packets through different routes in the network 500 in order 
to make unauthorized access to the message more compli- 
cated. Furthermore, this may make it more difficult for an 
unauthorized person to gain access to all the transmitted 
packets. As another example, the packets may be transmitted 
through random routes in the network 500. 

[0048] In using the embodiment of the invention, the 
message may be divided into packets in different ways, for 
example as described elsewhere herein. It is noted that the 
message and/or the packets may be encrypted prior to 
transmission over the network 500. 

[0049] Yet another embodiment in accordance with the 
principles of the invention will now be described with 
reference to FIG. 6. In this exemplary embodiment, a 
message 600 has been divided into packets, schematically 
shown as the packets 601, 604, 605, 606 and 608, Further- 
more, dummy data are placed inside the message 600. The 
dummy data includes dummy bits that are not part of the 
original message. The packets 601, 604, 605, 606 and 608 
include the message 600 and dummy data, such that one or 
more of the packets contain parts of the original message 
600 and dummy data. 



[0050] Interspersed with the above-mentioned packets are 
dummy packets 602, 603, 607, 609 and 610. The packets 
601-610 have header portions 611-620, for example indi- 
cating routes in a network through which the packets will be 
transmitted. The dummy packets include non-data contents, 
i.e. contents that are not part of the original message 600. 

[0051] The dummy packets will be transmitted with the 
packets of the message 600 in order to make it more difficult 
for an unauthorized person to determine the contents of the 
message 600. The contents of the message 600 is distributed 
through the data portions 621, 624, 625, 626 and 628 
together with the dummy data as described above. 

[0052] As noted above, the packets 601-610 may be 
formed with random sizes. It is also noted that the message 
600 and/or the packets 601-610 may be encrypted prior to 
transmission. 

[0053] The packets 601-610 may be provided with order- 
ing keys 631-640. The ordering keys 631-640 may be placed 
randomly in the packets 601-610. The ordering keys may be 
hidden and/or encrypted. Furthermore, the ordering keys 
631-640 may be used by the recipient to distinguish the 
dummy packets from the packets of the message 600. For 
example, the ordering keys of the dummy packets may 
include ordering numbers such that the dummy packets will 
be placed at the end when the packets 601-610 are placed in 
correct sequence. Other ways by which the sender can 
distinguish the dummy packets from the packets containing 
the message 600 may be used. 

[0054] For clarity, the ordering keys of the dummy packets 
602, 603, 607, 609 and 610 have been shown with a lighter 
shading. It is noted that the dummy packets preferably 
should be indistinguishable from the packets of the message 
600 to an unauthorized person, in order to make unautho- 
rized access to the message 600 more difficult. 

[0055] It is noted that the packets 601-610 may be trans- 
mitted over the network using one or more of the exemplary 
methods described above. For example, the packets 601610 
may be transmitted in random order and/or through different 
routes in the network. The amount of dummy data placed in 
the original message 600 may vary. The amount of dummy 
packets transmitted together with the packets containing the 
message 600 may vary from a single dummy packet up to 
and including large numbers of dummy packets exceeding 
the number of packets containing the message 600. 

[0056] In the above, various embodiments of methods 
have been described. It will be apparent to one skilled in the 
art that the methods may be used individually as well as in 
combinations with each other, 

[0057] The foregoing description of the exemplary 
embodiment of the invention has been presented for the 
purposes of illustration and description. It is not intended to 
be exhaustive or to limit the invention to the precise form 
disclosed. Many modifications and variations are possible in 
light of the above teaching. It is intended that the scope of 
the invention be limited not with this detailed description, 
but rather by the claims appended hereto. 
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What is claimed is: 

1. A method of transmitting a message as packets over a 
network, the method including at least one from the group 
consisting of: 

forming packets with random sizes; 

transmitting the packets in random order; 

transmitting the packets through different routes in a 
network; and 

transmitting dummy data within the packets. 

2. The method of claim 1, wherein transmitting the 
packets in random order includes inserting a hidden ordering 
key in each packet. 

3. The method of claim 2, wherein the hidden ordering 
key is inserted at a random position in the packet. 

4. The method of claim 2, further including encrypting the 
hidden ordering key. 

5. The method of claim 1, wherein transmitting the 
packets through different routes includes inserting a hidden 
ordering key in each packet. 

6. The method of claim 1, wherein transmitting the 
packets through different routes includes transmitting at 
least one packet through each route. 

7. The method of claim 1, wherein transmitting the 
packets through different routes includes transmitting the 
packets through random routes. 

8. The method of claim 1, further including transmitting 
dummy packets having non-data contents with the packets. 

9. The method of claim 1, further including encrypting the 
message. 



10. An article of manufacture comprising a computer- 
readable medium having instructions for causing a computer 
to perform at least one from the group consisting of: 

forming packets with random sizes; 

transmitting the packets in random order; 

transmitting the packets through different routes in a 
network; and 

transmitting dummy data within the packets. 

11. A method of transmitting a message as packets over a 
network, the method including: 

forming packets with random sizes; 

transmitting the packets in random order through different 
routes in a network; and 

transmitting dummy data within the packets. 

12. A message in a network, the message comprising a 
plurality of packets, wherein the packets have random sizes, 
random order or a combination thereof. 

13. A message in a network, the message comprising a 
plurality of packets, wherein: 

the packets are for transmission through different routes in 
a network; 

dummy data are interspersed within the packets; or a 
combination thereof. 

* * * * + 
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